Disclaimer

The content of this blog is intended for informational purposes only. It is not intended to solicit business or to provide legal advice. Laws differ by jurisdiction, and the information on this blog may not apply to every reader. You should not take, or refrain from taking, any legal action based upon the information contained on this blog without first seeking professional counsel.

Tag: CFAA

Earlier this year, the Seventh Circuit affirmed summary judgment for a real estate analytics company sued by a software firm who claimed the company was pilfering on-line land records.

The plaintiff in Fidlar Technologies v. LPS Real Estate Data Solutions,810 F.3d 1075 (7th Cir. 2016) developed a software program called “Laredo” that computerized real estate records and made them available to viewers for a fee. The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records. The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data.

The Computer Fraud And Abuse Act (CFAA) Claim

The Court found the was a lack of evidence to support plaintiff’s Computer Fraud and Abuse Act (CFAA) claim as plaintiff could not show the defendant’s “intent to defraud” or “damage” under the CFAA. See CFAA, 18 U.S.C. s. 1030.

CFAA: Intent to Defraud (18 U.S.C. s. 1030(a)(4)

The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.” An intent to defraud can be shown by circumstantial evidence since direct intent evidence is typically unavailable.

The Court credited the defendant’s sworn testimony that printing real estate records was a minor part of its business and that it did pay maximum monthly access fees for computerized real estate data.

The defendant also produced evidence that it used its harvester not only in fee-charging counties, but also in those that didn’t charge at all. This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.

Finally, the Court noted that defendant’s agreements with the various county offices (which made the real estate data available) didn’t expressly prohibit the use of a web harvester. These factors all weighed against finding intentional conduct under the CFAA by the defendant analytics company.

CFAA: Transmission and Damage Claim (18 U.S.C. s. 1030(a)(5)(a)

The Seventh Circuit also rejected the plaintiff’s CFAA transmission claim; echoing the District Court’s cramped construction of the CFAA. The Court described the CFAA’s aim as punishing those who access computers in order to delete, destroy, or disable information.

“Damage” is defined in the CFAA as “any impairment to the integrity or availability of data, a program, a system or information….” 1030(e)(8). The Court interpreted this as destructive behavior aimed at injuring physical computer equipment or its stored data. Examples of this type of damaging conduct includes using a virus or deleting data. Flooding an email account with data could also qualify as CFAA damage according to at least one case cited by the court.

Here, the defendant’s conduct didn’t impair the integrity of any computer hardware or compromise any real estate data. The defendant’s attempt to bypass on-line printing access and print fees is not the type of damage envisioned by the CFAA. According to the Court, mere copying of computer data doesn’t fit the CFAA’s damage definition. 18 U.S.C. § 1030(e)(8).

Afterwords:

Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff. The case also illustrates that a successful CFAA claimant must show its computer equipment was physically harmed or its data destroyed. Otherwise, a plaintiff will have to choose a non-CFAA remedy such as a breach of contract, trespass to chattels or trade secrets violation.

The plaintiff developed a program called “Laredo” that computerized real estate records and made them available to viewers for a fee. The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records. The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data.

The Computer Fraud And Abuse Act Claim

On its Computer Fraud and Abuse Act, 18 U.S.C. s. 1030 (“CFAA”) claim, the Court found there was a lack of evidence of defendant’s intent to defraud based on defendant evading the printing fees. The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.”

The court noted that defendant offered sworn testimony that printing real estate records was a minor part of its business and that it did pay the various counties the maximum monthly access fee for the real estate data. The defendant also produced evidence that it used its “client” program (which could avoid the time tracking and printing charges) not only in fee-charging counties, but also in those that didn’t charge at all. This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.

Siding with the defendant, the court applied the CFAA restrictively. It found that the Act’s aim is to punish those who access computers with the intention of deleting, destroying, or disabling information they find.

Attempting to avoid paying for minutes and printing fees – the “damage” alleged to have been done by the defendant here – wasn’t the type of damage contemplated by the CFAA. The mere copying of electronic information from a computer system isn’t enough to satisfy the CFAA’s damage requirement. 18 U.S.C. § 1030(e)(8).

Trespass to Chattels

The plaintiff’s trespass to chattels claim was also rejected. Trespass to chattel is an archaic legal doctrine aimed at protecting the integrity of someone’s personal property. To successfully claim trespass to chattels, a plaintiff i must show “direct physical interference.”

The court noted that any interference was plaintiff’s claimed loss of subscription revenue and loss of goodwill. These losses didn’t equal a physical threat to the proper functioning of plaintiff’s servers.

Afterwords:

Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff. The case also amply illustrates that a successful CFAA claimant must show that its computer equipment or system was physically damaged or its data destroyed. Otherwise, the proper remedy lies in a breach of contract or trade secrets violation.

The plaintiff developed a computer program that allowed recorder of deeds’ offices from around the country to provide users with public access to real estate records for a fee. The defendant software company developed a data harvester program that bypassed plaintiff’s protective controls and then captured the real estate data without paying fees.

When plaintiff found out, it brought CFAA claims and state law trespass to chattels claims against the defendant. Defendant moved to dismiss plaintiff’s claims.

Held: Defendant’s motion to dismiss denied.

Reasons:

The CFAA provides a civil cause of action to a plaintiff injured by computer fraud or hacking. A CFAA “transmission claim” prohibits a defendant from knowingly transmitting a program (such as a data harvester) without authorization that causes damage to a protected computer. A CFAA plaintiff must show loss of at least $5,000 in any one-year period. 18 U.S.C. §§ 1030(a), (c).

Plaintiffs also adequately pled loss of at least $5,000 under the CFAA: plaintiff claimed it spent over $80,000 investigating the extent of defendant’s invasion of plaintiff’s software and in making software repairs and adjustments to prevent further service interruptions. ¶¶ 7-8; 18 U.S.C. 1030(e)(11)(loss definition).

The Court also sustained (in part) the plaintiff’s trespass to chattel claims. Trespass to chattel – a sparingly used tort occasionally applied to cyberspace lawsuits – provides a remedy where a defendant intentionally interferes with the plaintiff’s personal property and causes harm to it. ¶ 9.

The plaintiff’s trespass to chattel claim based on its computer data wasn’t actionable since electronic public data isn’t physical or private property owned by the plaintiff.

But plaintiff did make out a trespass to chattels claim with respect to its computer servers. The servers were sufficiently tangible (or physical) to underlie a trespass to chattels claim. Plaintiff’s claim that defendant accessed the servers and impaired the servers’ quality, condition and value adequately met the Federal notice pleading standard. ¶¶ 10-11.

Defendant’s Counterclaim

Defendant’s injunctive relief and tortious interference claims were rejected. The court found that plaintiff’s conduct was privileged under the “honest advice” privilege and the First Amendment Petition Clause.

The latter privilege applied since the counties with whom plaintiff dealt were all government agencies. Plaintiff’s statements to the counties concerning the defendant’s unauthorized data mining were protected “petitions” to those counties: plaintiff asked the counties to cut off defendant’s access to plaintiff’s software. ¶¶ 14-17.